According to GitHub, 97% of applications and 90% of companies use open source code [1]. According to AquaSec, software supply chain attacks, many of which exploit open-source components, increased by over 300% in 2021 [2].
Malicious actors target open-source components because the teams that consume them must manage a large and constantly changing attack surface, often without adequate security measures and tooling to protect either themselves or the components they depend on.
For example, in 2022, attackers planted malicious code in more than 35,000 GitHub repositories [3]. These were cloned copies of legitimate projects rather than the upstream repositories themselves, but the clones looked identical at a glance and potentially exposed any of GitHub's estimated 83 million developers who pulled from a lookalike.
In the wake of that incident, organizations needed to confirm quickly that the open-source components in their code had not been tampered with and did not contain malware or known vulnerabilities, and to be able to answer the same question when the next incident occurs.
By adopting sound practices and the right security tools, enterprises can protect their software supply chain effectively. With the rise in supply chain attacks that exploit open-source components, software composition analysis (SCA) tools are becoming more widely used: they inventory the direct and transitive components in an application, which makes the composition and size of its dependency attack surface visible, and they check each component's version against databases of known vulnerabilities.
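As an added example that is not part of the original article or any SCA vendor's code, the following Python script shows the two jobs the paragraph attributes to SCA tools: enumerating an application's direct and transitive components (its dependency attack surface) and matching pinned versions against advisory version ranges. The lockfile, dependency graph, package names and advisory IDs are all constructed for this example; a real tool would derive the graph from package metadata and query an advisory database such as OSV. It also flags a package that is pinned but unreachable from the application, since an installed component is attack surface whether or not anything imports it.

```python
"""Minimal software-composition-analysis (SCA) check.

Added example, not from the original article or any real SCA product.
All package names, versions and advisory IDs below are constructed.
"""
from collections import deque
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Constructed pip-style lockfile ("name==version" pins); not a real project.
SAMPLE_LOCKFILE = """\
# constructed lockfile for a hypothetical application
webapp==1.0.0
flaskish==2.1.3
jinjaish==3.0.1
markupsafeish==2.0.1
requestsish==2.25.0
urllib3ish==1.26.4
leftpadish==0.5.0
"""

# Constructed dependency edges (package -> packages it requires). Real SCA
# tools derive this from package metadata; here it is hard-coded.
SAMPLE_GRAPH: Dict[str, List[str]] = {
    "webapp": ["flaskish", "requestsish"],
    "flaskish": ["jinjaish"],
    "jinjaish": ["markupsafeish"],
    "requestsish": ["urllib3ish"],
}

# Constructed advisories with hypothetical IDs, in the introduced/fixed range
# style used by OSV-format databases: a version is affected if
# introduced <= version < fixed; fixed=None means no fixed release exists.
SAMPLE_ADVISORIES: List[Dict[str, Optional[str]]] = [
    {"id": "EX-2021-0001", "package": "urllib3ish", "introduced": "1.26.0", "fixed": "1.26.5"},
    {"id": "EX-2020-0002", "package": "jinjaish", "introduced": "2.0.0", "fixed": "3.0.0"},
    {"id": "EX-2022-0003", "package": "markupsafeish", "introduced": "1.0.0", "fixed": None},
    {"id": "EX-2019-0004", "package": "leftpadish", "introduced": "0.0.1", "fixed": "1.0.0"},
]


def parse_version(text: str) -> Version:
    """Parse a dotted numeric version ("1.26.4") into a comparable tuple.
    Assumption: versions are purely numeric; pre-release tags are not handled."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_lockfile(text: str) -> Dict[str, str]:
    """Return {package: pinned_version}, ignoring blank lines and comments."""
    pins: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"unpinned requirement: {line!r}")
        pins[name.strip().lower()] = version.strip()
    return pins


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """True if introduced <= version < fixed (or >= introduced when no fix exists)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def enumerate_components(root: str, graph: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Breadth-first walk from the root; returns {package: shortest path from root}
    for every reachable dependency. A path of length 2 means a direct dependency."""
    paths: Dict[str, List[str]] = {root: [root]}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        for dep in graph.get(current, []):
            if dep not in paths:  # first discovery in BFS is the shortest path
                paths[dep] = paths[current] + [dep]
                queue.append(dep)
    del paths[root]
    return paths


def analyze(lock_text: str, graph: Dict[str, List[str]], root: str,
            advisories: List[Dict[str, Optional[str]]]) -> Dict[str, object]:
    """Inventory the dependency tree and match every pin against the advisories."""
    pins = parse_lockfile(lock_text)
    paths = enumerate_components(root, graph)
    direct = sorted(p for p, path in paths.items() if len(path) == 2)
    transitive = sorted(p for p, path in paths.items() if len(path) > 2)
    # Pinned but unreachable packages are still installed, hence still attack surface.
    orphaned = sorted(p for p in pins if p != root and p not in paths)
    findings = []
    for adv in advisories:
        pkg = adv["package"]
        if pkg in pins and is_affected(pins[pkg], adv["introduced"], adv["fixed"]):
            findings.append({
                "id": adv["id"], "package": pkg, "version": pins[pkg], "fixed": adv["fixed"],
                "path": " -> ".join(paths.get(pkg, [pkg])),  # which direct dep pulls it in
            })
    return {"direct": direct, "transitive": transitive, "orphaned": orphaned, "findings": findings}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOCKFILE, SAMPLE_GRAPH, "webapp", SAMPLE_ADVISORIES)
    print(f"direct: {report['direct']}  transitive: {report['transitive']}  orphaned: {report['orphaned']}")
    for f in report["findings"]:
        fix = f"upgrade to >= {f['fixed']}" if f["fixed"] else "no fixed release; remove or mitigate"
        print(f"{f['id']}: {f['package']}=={f['version']} via {f['path']} ({fix})")
```

The path recorded with each finding is what makes the report actionable: the vulnerable urllib3ish is not declared anywhere in the application, so the remediation is to bump requestsish (the direct dependency that pulls it in) or override the transitive pin, not to edit the lockfile by hand. The markupsafeish advisory with no fixed release is the case an SCA scan alone cannot close; it has to be mitigated or the component replaced.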